From: Tim Starling
Date: Mon, 28 Feb 2011 02:35:57 +0000 (+0000)
Subject: Revert r81576: The fact that there are two checks, one close to the inclusion and...
X-Git-Tag: 1.31.0-rc.0~31727
X-Git-Url: https://git.cyclocoop.org/admin/?a=commitdiff_plain;h=63f263b182aa76352e70e15d3bdc71c53e58341e;p=lhc%2Fweb%2Fwiklou.git

Revert r81576: The fact that there are two checks, one close to the inclusion and one exposed to the user, was a deliberate security measure. Only the fact that they are the same was intended to be temporary.
---
diff --git a/languages/Language.php b/languages/Language.php
index b8515f3669..3501bd5a7a 100644
--- a/languages/Language.php
+++ b/languages/Language.php
@@ -156,7 +156,9 @@ class Language {
 static $recursionLevel = 0;
 // Protect against path traversal below
- if ( !Language::isValidCode( $code ) ) {
+ if ( !Language::isValidCode( $code )
+ || strcspn( $code, "/\\\000" ) !== strlen( $code ) )
+ {
 throw new MWException( "Invalid language code \"$code\"" );
 }
@@ -2856,7 +2858,9 @@ class Language {
 */
 static function getFileName( $prefix = 'Language', $code, $suffix = '.php' ) {
 // Protect against path traversal
- if ( !Language::isValidCode( $code ) ) {
+ if ( !Language::isValidCode( $code )
+ || strcspn( $code, "/\\\000" ) !== strlen( $code ) )
+ {
 throw new MWException( "Invalid language code \"$code\"" );
 }
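Review bot: The restored `strcspn( $code, "/\\\000" ) !== strlen( $code )` condition in the first hunk carries no comment explaining why it sits beside `isValidCode()`, and going by the commit message that missing explanation is what allowed r81576 to remove it as redundant. I would extend the existing comment to something like `// Deliberately separate from isValidCode(): that check is user-facing and may change; this one guards the file inclusion below and must stay`. The same expression is repeated verbatim in the `getFileName()` hunk, so the comment belongs there too, and a later edit to one copy can silently miss the other; a small private static helper called from both sites would keep them in step without folding the check back into `isValidCode()`. The function enclosing the first hunk starts outside it, and both function bodies continue past the visible lines.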